Krebs on Security

In-depth security news and investigation

Posts Tagged: DIR-100

D-Link has released an important security update for some of its older Internet routers. The patch closes a backdoor in the devices that could let attackers seize remote control over vulnerable routers.

D-Link DI-524 router.

The update comes roughly seven weeks after researcher Craig Heffner discovered and blogged about a feature or bug built into at least eight different models of D-Link routers that could allow an attacker to log in as administrator and change the router’s settings. Although the router models affected are fairly old, there are almost certainly plenty of these still in operation, as routers tend to be set-it-and-forget-it devices that rarely get replaced or updated unless they stop working.

According to Heffner, an attacker who identified a vulnerable router would need merely to set his browser’s user agent string as “xmlset_roodkcableoj28840ybtide”, and he could log in to the router’s administrative interface without any authentication. Heffer later updated his blog post with a proof-of-concept illustrating how attackers also could use the bug to upload arbitrary code to the vulnerable devices.